[CRASH] OpenSIPS crashes on start-up after receiving SIP message #1771

@clifjones

Description

After an OpenSIPS 2.4 update to pick up a fix to a module, we noticed that OpenSIPS sometimes crashes at the end of start-up. It is difficult to produce this on demand, and it appears to be related to receiving a SIP message right at the end of the start-up sequence.

OpenSIPS version you are running

# opensips -V
version: opensips 2.4.6 (x86_64/linux)
flags: STATS: On, DISABLE_NAGLE, USE_MCAST, SHM_MMAP, PKG_MALLOC, F_MALLOC, FAST_LOCK-ADAPTIVE_WAIT
ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16, MAX_URI_SIZE 1024, BUF_SIZE 65535
poll method support: poll, epoll, sigio_rt, select.
git revision: 5acb9ac7d
main.c compiled on 18:21:07 Jul 15 2019 with gcc 7

git_version: "5acb9ac7dac1baee4ec1fbf74582c43d7d00e667"

Crash Core Dump

Reading symbols from /usr/local/sbin/opensips...done.
[New LWP 6993]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/usr/local/sbin/opensips -P /var/run/inin/opensips-forward.pid -f /home/pcv-sip'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  fm_remove_free (n=0x7f29a65b6f98, qm=0x7f29a53a3000) at mem/f_malloc.c:209
209		*pf=n->u.nxt_free;
Missing separate debuginfos, use: debuginfo-install cyrus-sasl-lib-2.1.26-23.amzn2.x86_64 glibc-2.26-32.amzn2.0.1.x86_64 keyutils-libs-1.5.8-3.amzn2.0.2.x86_64 krb5-libs-1.15.1-20.amzn2.0.1.x86_64 libcom_err-1.42.9-12.amzn2.0.2.x86_64 libcrypt-2.26-32.amzn2.0.1.x86_64 libcurl-7.61.1-9.amzn2.0.1.x86_64 libidn2-2.0.4-1.amzn2.0.2.x86_64 libnghttp2-1.31.1-1.amzn2.0.2.x86_64 libselinux-2.5-12.amzn2.0.2.x86_64 libssh2-1.4.3-12.amzn2.2.x86_64 libunistring-0.9.3-9.amzn2.0.2.x86_64 nspr-4.19.0-1.amzn2.x86_64 nss-3.36.0-7.amzn2.x86_64 nss-util-3.36.0-1.amzn2.x86_64 openldap-2.4.44-15.amzn2.x86_64 openssl-libs-1.0.2k-16.amzn2.1.1.x86_64 pcre-8.32-17.amzn2.0.2.x86_64 postgresql-libs-9.2.24-1.amzn2.0.1.x86_64 zlib-1.2.7-17.amzn2.0.2.x86_64
(gdb) where
#0  fm_remove_free (n=0x7f29a65b6f98, qm=0x7f29a53a3000) at mem/f_malloc.c:209
#1  fm_malloc (qm=0x7f29a53a3000, size=40) at mem/f_malloc.c:438
#2  0x00000000004e0e6d in shm_malloc (size=<optimized out>)
    at evi/../mem/shm_mem.h:437
#3  new_avp (val=..., id=1, flags=<optimized out>) at usr_avp.c:117
#4  add_avp_last (flags=<optimized out>, name=1, val=...) at usr_avp.c:164
#5  0x00000000004fd966 in pv_set_avp (msg=<optimized out>,
    param=<optimized out>, op=52, val=<optimized out>) at pvar.c:2512
#6  0x00000000004fb452 in pv_set_value (msg=msg@entry=0x7f29e5438108,
    sp=sp@entry=0x7f29e53c3738, op=<optimized out>, value=<optimized out>)
    at pvar.c:4297
#7  0x000000000042dfe2 in do_assign (msg=msg@entry=0x7f29e5438108,
    a=a@entry=0x7f29e53c39a0) at action.c:290
#8  0x000000000042f626 in do_action (a=a@entry=0x7f29e53c39a0,
    msg=msg@entry=0x7f29e5438108) at action.c:1986
#9  0x0000000000437bb6 in run_action_list (a=<optimized out>,
    msg=msg@entry=0x7f29e5438108) at action.c:172
#10 0x000000000043063c in do_action (a=a@entry=0x7f29e53c4858,
    msg=msg@entry=0x7f29e5438108) at action.c:1168
#11 0x0000000000437bb6 in run_action_list (a=<optimized out>,
    msg=0x7f29e5438108) at action.c:172
#12 0x0000000000437ef7 in run_actions (a=<optimized out>, msg=<optimized out>)
    at action.c:137
#13 0x0000000000433c61 in do_action (a=a@entry=0x7f29e5423770,
    msg=msg@entry=0x7f29e5438108) at action.c:761
#14 0x0000000000437bb6 in run_action_list (a=<optimized out>,
    msg=0x7f29e5438108) at action.c:172
#15 0x0000000000437ef7 in run_actions (a=<optimized out>, msg=<optimized out>)
    at action.c:137
#16 0x0000000000433c61 in do_action (a=a@entry=0x7f29e541a598,
    msg=msg@entry=0x7f29e5438108) at action.c:761
#17 0x0000000000437bb6 in run_action_list (a=<optimized out>,
    msg=0x7f29e5438108) at action.c:172
#18 0x0000000000437ef7 in run_actions (a=<optimized out>, msg=<optimized out>)
    at action.c:137
#19 0x0000000000433c61 in do_action (a=a@entry=0x7f29e5412be0,
    msg=msg@entry=0x7f29e5438108) at action.c:761
#20 0x0000000000437bb6 in run_action_list (a=<optimized out>,
    msg=0x7f29e5438108) at action.c:172
#21 0x0000000000437ef7 in run_actions (a=<optimized out>, msg=<optimized out>)
    at action.c:137
#22 0x0000000000433c61 in do_action (a=a@entry=0x7f29e53f4068,
    msg=msg@entry=0x7f29e5438108) at action.c:761
#23 0x0000000000437bb6 in run_action_list (a=<optimized out>,
    msg=msg@entry=0x7f29e5438108) at action.c:172
#24 0x0000000000434fc9 in do_action (a=a@entry=0x7f29e53f42c0,
    msg=msg@entry=0x7f29e5438108) at action.c:1124
#25 0x0000000000437bb6 in run_action_list (a=<optimized out>,
    msg=0x7f29e5438108) at action.c:172
#26 0x0000000000437ef7 in run_actions (a=<optimized out>, msg=<optimized out>)
    at action.c:137
#27 0x0000000000433c61 in do_action (a=a@entry=0x7f29e53cdd50,
    msg=msg@entry=0x7f29e5438108) at action.c:761
#28 0x0000000000437bb6 in run_action_list (a=a@entry=0x7f29e53cce28,
    msg=msg@entry=0x7f29e5438108) at action.c:172
#29 0x000000000043806a in run_actions (msg=0x7f29e5438108, a=0x7f29e53cce28)
    at action.c:137
#30 run_top_route (a=0x7f29e53cce28, msg=msg@entry=0x7f29e5438108)
    at action.c:214
#31 0x000000000043ef6e in receive_msg (
    buf=0x937ec0 <buf> "ACK sip:12287281041@34.207.221.183:5060;transport=tcp SIP/2.0\r\nRoute: <sip:10.32.42.80:5060;ftag=228542;lr;r2=on>,<sip:52.20.161.184:5060;transport=tcp;ftag=228542;lr;r2=on>\r\nMax-Forwards:  8\r\nTo:  <s"...,
    len=<optimized out>, rcv_info=rcv_info@entry=0x7ffe798f4fd0,
    existing_context=existing_context@entry=0x0, flags=flags@entry=0)
    at receive.c:209
#32 0x0000000000609616 in udp_read_req (si=<optimized out>,
    bytes_read=<optimized out>) at net/proto_udp/proto_udp.c:182
#33 0x00000000005ec489 in handle_io (idx=0, event_type=2, fm=<optimized out>)
    at net/net_udp.c:261
#34 io_wait_loop_epoll (h=<optimized out>, t=<optimized out>,
    repeat=<optimized out>) at net/../io_wait_loop.h:284
#35 udp_start_processes (chd_rank=chd_rank@entry=0x924164 <chd_rank>,
    startup_done=startup_done@entry=0x7f29a57137e0) at net/net_udp.c:389
#36 0x000000000041c107 in main_loop () at main.c:782
#37 main (argc=<optimized out>, argv=<optimized out>) at main.c:1439
(gdb) quit

Describe the traffic that generated the bug

Receiving a UDP SIP ACK at the end of startup.

To Reproduce

Relevant System Logs

OS/environment information

  • Operating System: Red Hat 7.3.1-5
[    0.000000] Linux version 4.14.128-112.105.amzn2.x86_64 (mockbuild@ip-10-0-1-243) (gcc version 7.3.1 20180303 (Red Hat 7.3.1-5) (GCC)) #1 SMP Wed Jun 19 16:53:40 UTC 2019
  • OpenSIPS installation: v2.4 built from source. (See commit ID above)
  • other relevant information:
    Modules loaded:
loadmodule "proto_udp.so"
loadmodule "sl.so"
loadmodule "signaling.so"
loadmodule "uri.so"
loadmodule "maxfwd.so"
loadmodule "db_postgres.so"
loadmodule "db_virtual.so"
loadmodule "sipmsgops.so"
loadmodule "mi_datagram.so"
loadmodule "rr.so"
loadmodule "event_route.so"
loadmodule "cfgutils.so"
loadmodule "avpops.so"
loadmodule "tm.so"
loadmodule "dispatcher.so"
loadmodule "json.so"
loadmodule "statistics.so"
loadmodule "cachedb_local.so"
loadmodule "rest_client.so"
loadmodule "permissions.so"
loadmodule "nat_traversal.so"
loadmodule "proto_hep.so"
loadmodule "siptrace.so"
loadmodule "proto_tcp.so"
loadmodule "proto_tls.so"
loadmodule "tls_mgm.so"
loadmodule "exec.so"

Additional context

Every time that we see this crash, it is on start-up. It is not consistent, i.e. it does not consistently crash.
